Re: Understanding MoreSecurity and MoreAuthSample
- Subject: Re: Understanding MoreSecurity and MoreAuthSample
- From: "Peter Sichel" <email@hidden>
- Date: Thu, 11 Sep 2003 17:27:43 -0400
> We have been doing an in-depth study of MoreAuthSample and MoreSecurity.
> We have what seem to be different and specialized needs for authenticated
> tools, so we are trying to understand why the code is arranged the way it is.
>
> In particular, the code goes to great lengths to have the executed tool
> call AuthorizationExecuteWithPrivileges (AEWP). Is there some reason
> that the application itself should _not_ be calling AEWP? Is there some
> security problem that I am just missing?
I find this particular aspect of the sample rather clumsy and
haven't updated my own code to follow it yet.
My guess as to why it does this is to avoid the trojan horse problem.
That is, the possibility that your tool which your application authorizes
could be replaced by an impostor which your application then authorizes.
I use a simpler approach to minimize this problem:
(1) The application seeks to verify the identity of each tool before
authorizing to avoid casual replacement. This verification
can be simple or complex depending on the security environment.
Ultimately, Apple should provide a mechanism for applying
digital signatures to executable components.
(2) I point out that you can improve security by not allowing
unauthorized users to gain write access to the bundle containing
a privileged application. This same principle applies to any
privileged application installed on your system.
Apple's approach raises the bar somewhat, but doesn't preclude the
possibility of an impostor.
The above is speculation on my part. Apple needs to provide a clear
and unambiguous security model to developers if it wishes to avoid a
hodgepodge of half-baked measures.
- Peter
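The two mitigations Peter lists, verifying a tool's identity before authorizing it and refusing a tool that sits in a location unauthorized users can write to, as an added illustration that is not part of this thread or of Apple's MoreAuthSample: a pre-flight check an application could run before handing a helper to AuthorizationExecuteWithPrivileges. It assumes the application ships a known SHA-256 of its helper; the trusted-uid and check_parents parameters and the constructed sample tool are assumptions of this example.

```python
import hashlib
import hmac
import os
import stat
import tempfile
from pathlib import Path

def component_ok(st_mode, st_uid, trusted_uids=(0,)):
    """Not a symlink, owned by a trusted uid (root by default), not group/world-writable."""
    if stat.S_ISLNK(st_mode) or st_uid not in trusted_uids:
        return False
    return not (st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def tool_digest(path):
    """SHA-256 of the tool's bytes, read in chunks since binaries can be large."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_tool(path, expected_sha256, trusted_uids=(0,), check_parents=True):
    """Return (ok, reason); any failure means the application must not authorize the tool."""
    p = Path(path)
    if not p.is_absolute():
        return False, "tool path must be absolute"
    # A writable parent directory lets an impostor be swapped in by renaming,
    # so every component from / down is checked, not just the file itself.
    components = (list(reversed(p.parents)) if check_parents else []) + [p]
    for c in components:
        try:
            st = os.lstat(c)  # lstat: a symlink is rejected rather than followed
        except OSError as e:
            return False, f"cannot stat {c}: {e.strerror}"
        if not component_ok(st.st_mode, st.st_uid, trusted_uids):
            return False, f"{c}: symlink, untrusted owner or group/world-writable"
    if not stat.S_ISREG(st.st_mode):  # st now describes the tool itself
        return False, "tool is not a regular file"
    if not hmac.compare_digest(tool_digest(p), expected_sha256):
        return False, "tool contents do not match the expected digest"
    return True, "ok"

def make_constructed_tool(content, mode):
    """Constructed sample only: temp file with given mode -> (path, sha256, owner uid)."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(content)
    os.chmod(path, mode)
    return path, hashlib.sha256(content).hexdigest(), os.stat(path).st_uid
```

On a real install the helper would live under a root-owned, 0755 path (which is why check_parents defaults on); the constructed sample disables the parent walk only because temp directories are world-writable by design.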
_______________________________________________
macnetworkprog mailing list | email@hidden